New draft of the ePrivacy regulation: one last chance?

27 Nov 2020

The German EU Council Presidency has published a new draft of the ePrivacy regulation which is intended to supplement the European GDPR. The latest version of the draft provides substantial changes on the rules on electronic communications and digital marketing. 

In 2017, the first draft of the new ePrivacy regulation was published. Now, about three years later, the German Council Presidency has released a new draft – which is considerably different to its predecessor issued by the Croatian Council Presidency. The most important points are the following: 

  • Until now, there’s been a rule stating that a legitimate interest combined with a balancing of interests would be sufficient to allow the use of cookies without consent. This provision has been deleted: This means that mere legitimate interests are no longer enough (even with an assessment of interests) to perform tracking on websites or in apps for advertising purposes. But, the draft provides for various specific permissions which would allow processing to continue without consent in certain cases.
  • The collection of electronic communication metadata for scientific purposes and statistical counting is to be permitted under certain circumstances. The rules on processing data relating to the end users’ terminal equipment have been amended as well. Processing will still be allowed without consent, but only if it’s ‘strictly technically necessary’ and ‘specifically requested’ by the user.
  • There is still no mention in the draft of the much discussed ‘do not track’ standard, which is difficult to enforce in practice however. This standard would have made sure that cookies and other trackers need to be disabled by default from the outset – and could only be enabled with the explicit consent of the user.

Although the German draft provides for considerably stricter regulations than its predecessor in some points, it probably represents a solid compromise between the interests of data protectionists and the affected companies. As a result, the draft is considered to have a good chance of success in the European Council. Given that the eigth EU Council Presidency in a row is now dealing with the issue, it’s expected that the project will now definitely be launched – or ultimately be rejected.

If adopted, the rules would also apply to many Swiss companies, as the regulation would have an extraterritorial scope like the GDPR.

Implications

While the text of the ePrivacy regulation is still not final, it’s useful for Swiss organisations to start considering it now when planning any long-term projects like a new website or an application with the use of trackers, cookies and tags. Organisations are well advised to identify key activities that will be impacted by the regulation in order to be prepared when the final text arrives. PwC privacy experts will be happy to guide you on the precise effects of the upcoming regulation for your company and provide you with a hands-on approach. 

Contact us

Philipp Rosenauer

Philipp Rosenauer

Partner Legal, PwC Switzerland

Tel: +41 58 792 18 56